This bug report may be invalid; it seems ldapsearch is fussy and requires all certificates up the chain be verifiable. So the following commands fixed the problem:

    cd /etc/ssl/certs
    cat root.pem class3.pem > /etc/ssl/cacert.pem
    vim /etc/ldap/ldap.conf

to use the value for TLS_CACERT

I believe it is the following: The key is signed by CAcert's class 3 certificate, which is signed by the root certificate. Some programs (like openvpn and newer versions of ldapsearch) require that every certificate up the chain can be verified; however, others like openssl s_client are OK with just the class 3 certificate.

Brian May

--
ldap over ssl fails
https://bugs.launchpad.net/bugs/231321
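
The chain requirement described in the comment above can be reproduced offline. This is an added example, not part of the original bug comment: it builds a constructed root, "class 3" intermediate and server certificate, then checks the server certificate against a CA file holding only the intermediate and against the root + intermediate bundle. It assumes the `openssl` CLI (1.0.2 or later, for `-partial_chain`); the subject names and the `ldap.example.test` host are made up.

```shell
#!/bin/sh
# Constructed chain: root -> class3 (intermediate) -> leaf. All names are made up.
build_chain() {   # $1 = empty working directory
    (
        cd "$1" || exit 1
        cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
        # Self-signed root.
        openssl req -x509 -config ca.cnf -extensions ca -newkey rsa:2048 -nodes \
            -keyout root.key -out root.pem -subj "/CN=Constructed Root CA" -days 2 &&
        # Intermediate ("class 3"), signed by the root.
        openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
            -keyout class3.key -out class3.csr -subj "/CN=Constructed Class 3 CA" &&
        openssl x509 -req -in class3.csr -CA root.pem -CAkey root.key -CAcreateserial \
            -extfile ca.cnf -extensions ca -out class3.pem -days 2 &&
        # Server certificate, signed by the intermediate.
        openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
            -keyout leaf.key -out leaf.csr -subj "/CN=ldap.example.test" &&
        openssl x509 -req -in leaf.csr -CA class3.pem -CAkey class3.key -CAcreateserial \
            -out leaf.pem -days 2 &&
        # The bundle from the comment: root first, then the intermediate.
        cat root.pem class3.pem > cacert.pem
    ) >/dev/null 2>&1
}

# Prints "accepted" or "rejected". $1 = CA file, $2 = certificate, rest = extra options.
chain_check() {
    cafile=$1; cert=$2; shift 2
    if openssl verify "$@" -CAfile "$cafile" "$cert" >/dev/null 2>&1
    then echo accepted; else echo rejected; fi
}

demo() {
    dir=$(mktemp -d) || return 1
    build_chain "$dir" || { rm -rf "$dir"; return 1; }
    echo "class3 only (full chain required):  $(chain_check "$dir/class3.pem" "$dir/leaf.pem")"
    echo "class3 only (-partial_chain):       $(chain_check "$dir/class3.pem" "$dir/leaf.pem" -partial_chain)"
    echo "root + class3 bundle (cacert.pem):  $(chain_check "$dir/cacert.pem" "$dir/leaf.pem")"
    rm -rf "$dir"
}
demo
```

A verifier that insists on reaching a self-signed root rejects the intermediate-only file, while one that accepts the intermediate as a trust anchor does not; the concatenated bundle satisfies both.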